labs.mwrinfosecurity.com labs.mwrinfosecurity.com

Stockholm Sec-T Conference Roundup

When you talk about attending a major security conference it is tempting to dream of a trip to the lights and glamour of Las Vegas. However, what often gets lost is that it is the speakers and the content that make a conference, not just the surroundings. With this in mind, the inaugural Sec-T conference in Stockholm was a very exciting prospect for anybody interested in cutting-edge security research. No matter...

Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu

At the Defcon 16 conference in Las Vegas, Nick Harbour showed off his new Windows executable packer, PE-Scrambler. It uses some interesting, and sometimes downright devious, techniques to make analysis of the binary harder. Rather than blindly manipulating the bits and bytes of the code to compress or encrypt it, as many traditional packers do, PE-Scrambler disassembles the code and manipulates it at a logical level to sabotage many of the...

EuSecWest 2009 Run Down

I recently had the good fortune to attend EuSecWest 2009. EuSecWest is one of those great conferences where it’s full of very knowledgeable, like-minded individuals but is small enough that by the end everybody kind of knows everybody, if they didn’t already! The talks were all very technical and of good quality, and I had the pleasure of engaging in many interesting discussions. Here are a few highlights from talks that interested me...

Singing the Mainframe Security Blues?

As an Information Security Officer what is the one question that the non-technical executives ask you the most? Usually it’s as simple as “Are we secure?” – and the answer had better be “Yes”. Anyone who’s had to back that answer up will have done their background research, been to conferences, read books and talked to their counterparts in other companies. Invariably this will have equipped you with knowledge of IT...

DeepSec 2009

The DeepSec security conference was held between November 17th and November 20th at the Renaissance Hotel next to the Imperial Riding School in Vienna. MWR InfoSecurity were invited to speak at the event for the second year in a row with Luke Jennings presenting a talk about attacking deployment solutions. The event was well managed and both attendees and speakers were well looked after by the organisers. The conference had a nice...

Have you got bad timing?

Timing attacks have a long and successful history when used against a wide variety of systems and technologies. This is because these attacks can take so many forms, from vulnerabilities related to race conditions, or blind SQL injection vectors which use delays in execution, through to the timing of a UNIX login. One of the classic timing attacks is based on measuring the difference in the time an application takes to complete two...

Aurora and Web Browser Security

Germany’s BSI (Federal Office for Information Security) recently warned web users not to use Microsoft Internet Explorer. The BSI advised users to switch to an alternative browser in the meantime, until a patch was made available. Shortly after this release, France’s Certa agency also issued a similar warning to users. What is the implication of these statements? It would seem like an 0day for an “alternative browser” has just...

Debuggable Apps in Android Market

Whilst doing Android application security reviews for our clients, MWR repeatedly identify Android applications that are shipped with debugging enabled. However, even without also performing an in-depth assessment of the Dalvik VM debugging implementation, this was assumed to be a high-risk issue and one we report as such to our clients. This opinion was always based on the assumption that any application could initialise the debugging...

A Reason to Visit Stockholm in September?

The SEC-T security conference was held in Stockholm last week. This event, which is now in its 3rd year, is a major reason to visit the city at this time of year. SEC-T may be a newcomer compared to some of the more established events, but it has nothing to fear from them, as the high quality of the talks has proven over the past three years. This year heralded a new venue on the city’s Southern Island of Södermalm which provided a cosy...